Merge pull request #73 from codecov/feature/add_github_enterprise

starting onprem

Author: jason-ford-codecov

.github/workflows/release.yml

@@ -1,20 +1,17 @@
 # syntax=docker/dockerfile:1.3
 FROM haproxytech/haproxy-alpine:2.9
-
 RUN apk update --no-cache && apk upgrade --no-cache openssl && apk add --no-cache gettext
 RUN mkdir -p /etc/codecov/ssl/certs && chown haproxy:haproxy /etc/codecov/ssl/certs && chown haproxy:haproxy /etc/haproxy
-COPY --chmod=755 enterprise.sh /usr/local/bin/enterprise.sh
 COPY --chown=haproxy:haproxy --chmod=644 config/0-haproxy.conf /etc/haproxy/0-haproxy.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/0-haproxy-no-chroot.conf /etc/haproxy/0-haproxy-no-chroot.conf.template
+COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY --chown=haproxy:haproxy --chmod=644 config/3-ssl.conf /etc/haproxy/3-ssl.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/1-backends.conf /etc/haproxy/1-backends.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/1-minio.conf /etc/haproxy/1-minio.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/2-http.conf /etc/haproxy/2-http.conf.template
-COPY --chown=haproxy:haproxy --chmod=644 config/3-ssl.conf /etc/haproxy/3-ssl.conf.template
-
-COPY --chown=haproxy:haproxy --chmod=644 config/routing.map /etc/haproxy/routing.map
+COPY --chown=haproxy:haproxy --chmod=644 config/codecov.map /etc/haproxy/codecov.map
+COPY --chown=haproxy:haproxy --chmod=644 config/proxy.map /etc/haproxy/proxy.map
 COPY --chown=haproxy:haproxy --chmod=644 config/minio.map /etc/haproxy/minio.map
-RUN chown -R haproxy:haproxy /var/lib/haproxy && mkdir -p /run && chown -R haproxy:haproxy /etc/haproxy && chown -R haproxy:haproxy /run
-
 ENV CODECOV_API_HOST=api
 ENV CODECOV_API_PORT=8000
 ENV CODECOV_API_SCHEME=http
@@ -39,5 +36,7 @@ ENV BUILD_ID $COMMIT_SHA
 ENV BUILD_VERSION $VERSION
 EXPOSE 8080
 EXPOSE 8443
-ENTRYPOINT ["/usr/local/bin/enterprise.sh"]
 
+RUN chown -R haproxy:haproxy /var/lib/haproxy && mkdir -p /run && chown -R haproxy:haproxy /etc/haproxy && chown -R haproxy:haproxy /run
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

Dockerfile

@@ -3,33 +3,26 @@ release_version = `cat VERSION`
 build_date ?= $(shell git show -s --date=iso8601-strict --pretty=format:%cd $$sha)
 branch = $(shell git branch | grep \* | cut -f2 -d' ')
 epoch := $(shell date +"%s")
-dockerhub_image := codecov/self-hosted-gateway
-IMAGE := ${AR_REPO}
-export DOCKER_BUILDKIT := 1
+AR_REPO ?= codecov/gateway
+DOCKERHUB_REPO ?= codecov/self-hosted-gateway
+VERSION := ${release_version}-${sha}
+export DOCKER_BUILDKIT=1
+
 
 shell:
-	docker-compose exec gateway sh
+	GATEWAY_DOCKER_REPO=${AR_REPO} GATEWAY_DOCKER_VERSION=${VERSION} docker-compose exec gateway sh
 up:
-	docker-compose up -d
+	GATEWAY_DOCKER_REPO=${AR_REPO} GATEWAY_DOCKER_VERSION=${VERSION} docker-compose up -d
 
 refresh:
-	$(MAKE) build.local
+	$(MAKE) build
 	$(MAKE) up
 
-bootstrap:
-	$(MAKE) gcr.auth
-	$(MAKE) build.local
-
-gcr.auth:
-	gcloud auth configure-docker us-docker.pkg.dev
-
-build.local:
-	docker build . -t ${IMAGE}:${release_version}-latest --build-arg COMMIT_SHA="${sha}" --build-arg VERSION="${release_version}"
-	docker tag ${IMAGE}:${release_version}-latest ${IMAGE}:latest
-	docker tag ${IMAGE}:${release_version}-latest ${IMAGE}:latest-stable
+build:
+	make build.self-hosted
 
 build.self-hosted:
-	docker build . -t ${IMAGE}:${release_version}-${sha} -t ${IMAGE}:${release_version}-latest -t ${dockerhub_image}:rolling \
+	docker build . -t ${AR_REPO}:${VERSION} -t ${AR_REPO}:${release_version}-latest -t ${DOCKERHUB_REPO}:rolling \
 		--label "org.label-schema.build-date"="$(build_date)" \
 		--label "org.label-schema.name"="Self-Hosted Gateway" \
 		--label "org.label-schema.vendor"="Codecov" \
@@ -38,24 +31,25 @@ build.self-hosted:
 		--build-arg COMMIT_SHA="${sha}" \
 		--build-arg VERSION="${release_version}"
 
+
 tag.self-hosted-rolling:
-	docker tag ${IMAGE}:${release_version}-${sha} ${dockerhub_image}:rolling
+	docker tag ${AR_REPO}:${VERSION} ${DOCKERHUB_REPO}:rolling
 
 save.self-hosted:
-	docker save -o self-hosted.tar ${IMAGE}:${release_version}-${sha}
+	docker save -o self-hosted.tar ${AR_REPO}:${VERSION}
 
 load.self-hosted:
 	docker load --input self-hosted.tar
 
 push.self-hosted-rolling:
-	docker push ${dockerhub_image}:rolling
+	docker push ${DOCKERHUB_REPO}:rolling
 
 tag.self-hosted-release:
-	docker tag ${IMAGE}:${release_version}-${sha} ${dockerhub_image}:${release_version}
-	docker tag ${IMAGE}:${release_version}-${sha} ${dockerhub_image}:latest-stable
-	docker tag ${IMAGE}:${release_version}-${sha} ${dockerhub_image}:latest-calver
+	docker tag ${AR_REPO}:${VERSION} ${DOCKERHUB_REPO}:${release_version}
+	docker tag ${AR_REPO}:${VERSION} ${DOCKERHUB_REPO}:latest-stable
+	docker tag ${AR_REPO}:${VERSION} ${DOCKERHUB_REPO}:latest-calver
 
 push.self-hosted-release:
-	docker push ${dockerhub_image}:${release_version}
-	docker push ${dockerhub_image}:latest-stable
-	docker push ${dockerhub_image}:latest-calver
+	docker push ${DOCKERHUB_REPO}:${release_version}
+	docker push ${DOCKERHUB_REPO}:latest-stable
+	docker push ${DOCKERHUB_REPO}:latest-calver

Makefile

@@ -20,10 +20,10 @@ CODECOV_IA_HOST=IA
 CODECOV_IA_PORT=8000
 CODECOV_IA_SCHEME=http
 CODECOV_IA_HOST_HEADER="\$http_host"
-CODECOV_FRONTEND_HOST=frontend
-CODECOV_FRONTEND_PORT=5000
-CODECOV_FRONTEND_SCHEME=http
-CODECOV_FRONTEND_HOST_HEADER="\$http_host"
+CODECOV_DEFAULT_HOST=frontend
+CODECOV_DEFAULT_PORT=5000
+CODECOV_DEFAULT_SCHEME=http
+CODECOV_DEFAULT_HOST_HEADER="\$http_host"
 CODECOV_MINIO_HOST=minio
 CODECOV_MINIO_PORT=9000
 CODECOV_MINIO_SCHEME=http
@@ -44,14 +44,19 @@ CODECOV_IA_HOST=IA
 CODECOV_IA_PORT=8000
 CODECOV_IA_SCHEME=http
 CODECOV_IA_HOST_HEADER="\$http_host"
-CODECOV_FRONTEND_HOST=qa.codecov.dev
-CODECOV_FRONTEND_PORT=443
-CODECOV_FRONTEND_SCHEME=https
-CODECOV_FRONTEND_HOST_HEADER="qa.codecov.dev"
+CODECOV_DEFAULT_HOST=qa.codecov.dev
+CODECOV_DEFAULT_PORT=443
+CODECOV_DEFAULT_SCHEME=https
+CODECOV_DEFAULT_HOST_HEADER="qa.codecov.dev"
 ```
 
 ### SSL
-This is currently untested. It should be in a working state currently.
+1. Mount a valid cert in the container at `/etc/codecov/ssl/certs/cert.crt`
+2. Configure the env `CODECOV_GATEWAY_SSL_ENABLED=true` 
+
+### Proxy
+1. Configure the env `CODECOV_GATEWAY_PROXY_MODE_ENABLED=true`
+All requests will now be sent on to the configured CODECOV_DEFAULT host/port.
 
 ### Minio
 This is mostly intended for when using with docker compose. It makes /export and /archive route to the minio host. To enable minio features use the env var `CODECOV_GATEWAY_MINIO_ENABLED=true`

README.md

@@ -55,3 +55,10 @@ frontend stats
 
 backend be_gateway
     http-request return status 200 content-type "text/plain" string "${BUILD_VERSION} ${BUILD_ID}" if TRUE
+
+backend be_default
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request set-header Host ${CODECOV_DEFAULT_HOST_HEADER}
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+    http-response set-header X-DEFAULT true
+    server s1 ${CODECOV_DEFAULT_HOST}:${CODECOV_DEFAULT_PORT} check ${CODECOV_DEFAULT_SSL_FLAG}init-addr last,libc,none

config/0-haproxy-no-chroot.conf

@@ -58,3 +58,10 @@ frontend stats
 
 backend be_gateway
     http-request return status 200 content-type "text/plain" string "${BUILD_VERSION} ${BUILD_ID}" if TRUE
+
+backend be_default
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request set-header Host ${CODECOV_DEFAULT_HOST_HEADER}
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+    http-response set-header X-DEFAULT true
+    server s1 ${CODECOV_DEFAULT_HOST}:${CODECOV_DEFAULT_PORT} check ${CODECOV_DEFAULT_SSL_FLAG}init-addr last,libc,none

config/0-haproxy.conf

@@ -5,13 +5,6 @@ backend be_api
     http-response set-header X-API true
     server s1 ${CODECOV_API_HOST}:${CODECOV_API_PORT} check ${CODECOV_API_SSL_FLAG}init-addr last,libc,none
 
-backend be_frontend
-    http-request set-header X-Forwarded-Port %[dst_port]
-    http-request set-header Host ${CODECOV_FRONTEND_HOST_HEADER}
-    http-request add-header X-Forwarded-Proto https if { ssl_fc }
-    http-response set-header X-FRONTEND true
-    server s1 ${CODECOV_FRONTEND_HOST}:${CODECOV_FRONTEND_PORT} check ${CODECOV_FRONTEND_SSL_FLAG}init-addr last,libc,none
-
 backend be_ia
     http-request set-header X-Forwarded-Port %[dst_port]
     http-request set-header Host ${CODECOV_IA_HOST_HEADER}

config/1-backends.conf

@@ -1,4 +1,4 @@
 frontend http
     bind :${CODECOV_GATEWAY_HTTP_PORT}
-    use_backend %[path,map_reg("/etc/haproxy/routing.map")]
-    default_backend be_frontend
+    use_backend %[path,map_reg("/etc/haproxy/${CODECOV_GATEWAY_ROUTING_MAP}.map")]
+    default_backend be_default

config/2-http.conf

@@ -3,6 +3,6 @@ frontend ssl
     bind :${CODECOV_GATEWAY_HTTPS_PORT} ssl crt /etc/codecov/ssl/certs/cert.crt
     http-request set-header X-Forwarded-Proto https if { ssl_fc }
     http-request redirect scheme https unless { ssl_fc }
-    use_backend %[path,map_reg("/etc/haproxy/routing.map")]
+    use_backend %[path,map_reg("/etc/haproxy/${CODECOV_GATEWAY_ROUTING_MAP}.map")]
 
-    default_backend be_frontend
+    default_backend be_default

config/3-ssl.conf

@@ -3,7 +3,7 @@
 ^/internal(\/.*)?$  be_api
 ^/graphql(\/.*)?$  be_api
 ^/webhooks(\/.*)?$  be_api
-^/frontend_health$  be_frontend
+^/frontend_health$  be_default
 ^/gateway_health$  be_gateway
 ^/api_health(\/)?$  be_api
 ^/upload/v2(\/)?$  be_api